semantic-search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill uses 'CRITICAL' instructions to override agent behavior, demanding it use this tool 'FIRST' for all tasks. This is a direct attempt to bypass standard agent protocols.
- COMMAND_EXECUTION (HIGH): Search commands interpolate the '$ARGUMENTS' variable directly into a bash shell command string without sanitization, creating a significant shell injection risk.
- INDIRECT_PROMPT_INJECTION (HIGH): [Ingestion points]: Codebase content is indexed via main.py. [Boundary markers]: Search results return raw code segments without delimiters. [Capability inventory]: The skill has broad bash permissions and network access via the google-generativeai package. [Sanitization]: No sanitization is performed on code content, allowing malicious code snippets to influence the agent.
- EXTERNAL_DOWNLOADS (MEDIUM): Requires installation of the 'cocoindex' package, an unverified external dependency from an untrusted source.
- CREDENTIALS_UNSAFE (LOW): Hardcoded database credentials are present in the Docker configuration, and the setup instructions recommend storing sensitive API keys in unencrypted local files.
Recommendations
- AI detected serious security threats
Audit Metadata